status-im
/
miniupnp
mirror of https://github.com/status-im/miniupnp.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

minixml.c: fix heap buffer overflow 

should fix #268
This commit is contained in:
Thomas Bernard 2017-12-11 14:59:29 +01:00
parent 7aeb624b44
commit a0573e2518
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
miniupnpc/minixml.c
View File

@ -1,10 +1,11 @@
/* $Id: minixml.c,v 1.10 2012/03/05 19:42:47 nanard Exp $ */ /* $Id: minixml.c,v 1.10 2012/03/05 19:42:47 nanard Exp $ */
/* minixml.c : the minimum size a xml parser can be ! */ /* vim: tabstop=4 shiftwidth=4 noexpandtab
* minixml.c : the minimum size a xml parser can be ! */
/* Project : miniupnp /* Project : miniupnp
* webpage: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * webpage: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* Author : Thomas Bernard * Author : Thomas Bernard
Copyright (c) 2005-2014, Thomas BERNARD Copyright (c) 2005-2017, Thomas BERNARD
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -161,7 +162,8 @@ static void parseelt(struct xmlparser * p)
if (p->xml >= p->xmlend) if (p->xml >= p->xmlend)
return; return;
} }
if(memcmp(p->xml, "<![CDATA[", 9) == 0) /* CDATA are at least 9 + 3 characters long : <![CDATA[ ]]> */
if((p->xmlend >= (p->xml + (9 + 3))) && (memcmp(p->xml, "<![CDATA[", 9) == 0))
{ {
/* CDATA handling */ /* CDATA handling */
p->xml += 9; p->xml += 9;

8
miniupnpd/minixml.c
View File

@ -1,10 +1,11 @@
/* $Id: minixml.c,v 1.10 2012/03/05 19:42:47 nanard Exp $ */ /* $Id: minixml.c,v 1.10 2012/03/05 19:42:47 nanard Exp $ */
/* minixml.c : the minimum size a xml parser can be ! */ /* vim: tabstop=4 shiftwidth=4 noexpandtab
* minixml.c : the minimum size a xml parser can be ! */
/* Project : miniupnp /* Project : miniupnp
* webpage: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * webpage: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* Author : Thomas Bernard * Author : Thomas Bernard
Copyright (c) 2005-2014, Thomas BERNARD Copyright (c) 2005-2017, Thomas BERNARD
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -161,7 +162,8 @@ static void parseelt(struct xmlparser * p)
if (p->xml >= p->xmlend) if (p->xml >= p->xmlend)
return; return;
} }
if(memcmp(p->xml, "<![CDATA[", 9) == 0) /* CDATA are at least 9 + 3 characters long : <![CDATA[ ]]> */
if((p->xmlend >= (p->xml + (9 + 3))) && (memcmp(p->xml, "<![CDATA[", 9) == 0))
{ {
/* CDATA handling */ /* CDATA handling */
p->xml += 9; p->xml += 9;